%{
	//#include "common.h"
	#include <stdio.h>
	
	#define MY_API	"my_api.c"
	#define SIAS "SQL Injection Attack Prevention!!\n"
	#define SIAD "SQL Injection Attack Detection!!\n"
	
	int CDTC = 0;
	int CPRV = 0;
%}

%%
[sS][eE][lL][eE][cC][tT]" * "	{ CDTC++; }

[oO][rR]" '"[A-Za-z]+"'"		{ CPRV++; }
"='"[A-Za-z]+"'"				{ CPRV++; }

[A-Za-z][A-Za-z0-9_]* |
[0-9]+						{}

[-+*/%={}<>.:m;"()!&,#']	{}

"[" |
"]"							{}
\n
[ \t\r]+;
%%

int main()
{
	yyin = fopen( MY_API, "r" );
	yylex();
	
	//printf( "select * from Member\n" );
	printf( "select * from Member where username='skku1' and password = 'pass1' OR 'x'='x'\n" );
	//query_stat = mysql_query(connection, "select * from Member");
	//query_stat = mysql_query(connection, "select * from Member where username='skku1' and password = 'pass1' OR 'x'='x'");  
	if ( CDTC >= 1 )
		printf( SIAS );
	if ( CPRV >= 2 )
		printf( SIAD );
}